My initiative to detect worms that send spam

From: David Harel (hareldvd_at_nonexisting.hamakor.org.il)
Date: Thu 10 Jun 2004 - 00:55:04 IDT


Hi,

Some time ago I asked this group about an idea of mine to track smtp
activity.
The reason I want to do so is that a while ago I was suspected of
sending spam messages. Knowing that I would never do such a thing I
assumed I got infected with some kind of a worm. (I understand that
there are some worms that work on Linux).
While thinking it over, I remembered a friend of mine who works in
Cyprus. He told me about a service the credit card companies have. When
your credit is charged you get an SMS on your cell phone. So now I send
a message to the user every time an outgoing smtp connection is made.
The user should know if the warning he got is due to his initiation of
sending an e-mail or else...

So finally I implemented it, calling it warnsmtpd. That is, it runs as a
daemon. It is now running on my machine - basically a RH 9 machine. It
is using information from the /proc directory. More specifically, I detect
smtp communication from /proc/net/tcp (should I look into UDP also?) on
remote_port 0019 (25) and correlate the inum to the fd link file in
/proc/XXXX/fd/... (one of them is a symlink to "socket:[INUM]"). With
that I write a warning like:

The program /usr/local/mozilla/mozilla-bin pid 15914
 sends SMTP message using tcp Protocol to
 Remote_Address 212.117.129.230

The program detects if you have X11 running (again looking for processes
in /proc, but this time looking for the file cmdline). In that case it
will use xmessage to send you the warning; otherwise it sends the
message to /dev/console.

If this solution is worthwhile, I want your help to make it a GPL package.
Even though I call this program version 0.1.0, I consider it merely
the first draft.
I want to get your comments about everything, including necessity,
style, and portability.

You can get this program from:
ftp://hareldvd@www.ergolight-sw.com/WarnSMTP-0.1.0.tar.gz
Unfortunately, you will need a password: warnsmtp

The file you need to compile is in /usr/src/WarnSMTP-0.1.0. I did not
put in a Makefile because simple compilation is all it currently
needs (no ./configure, no portability). After compilation, put
warnsmtpd in /usr/local/bin if you like. I also added the startup script
in /etc/init.d and a launching script in /usr/local/bin which assume
warnsmtpd is in /usr/local/bin.

-- 
Thanks.
David Harel,
==================================
Home office +972 4 6921986
Fax:        +972 4 6921986
Cellular:   +972 54 4534502
Snail Mail: Amuka
            D.N Merom Hagalil
            13802
            Israel
Email:      hareldvd_at_ergolight-sw.com
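Added example (not the author's warnsmtpd source): a Python sketch of the detection the post describes, parsing /proc/net/tcp for sockets whose remote port is 0019 and resolving the socket inode to a PID through the /proc/PID/fd symlinks. The /proc/net/tcp sample, its inode numbers and the 10.0.2.15 local address are constructed for the example; the little-endian address decoding assumes an x86 host like the author's RH 9 box.

```python
import os
import socket
import struct
# Constructed sample of /proc/net/tcp (not a capture from the author's machine): a
# listening socket, a connection to remote port 0019 (25, SMTP), and an HTTPS one.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 c0000000 300 0 0 2 -1
   1: 0F02000A:8010 E68175D4:0019 01 00000000:00000000 00:00000000 00000000   500        0 56789 1 c0000000 20 4 30 3 -1
   2: 0F02000A:8011 D4757A6B:01BB 01 00000000:00000000 00:00000000 00000000   500        0 56790 1 c0000000 20 4 30 3 -1
"""
ESTABLISHED, SYN_SENT = "01", "02"  # 'st' values that mean an outbound connection

def decode_addr(field):
    """'E68175D4:0019' -> ('212.117.129.230', 25): the kernel prints the IPv4
    address as a host-order (little-endian on x86) 32-bit word, the port in hex."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """One dict per socket row; the header line and malformed lines are skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        (laddr, lport), (raddr, rport) = decode_addr(f[1]), decode_addr(f[2])
        rows.append({"local": laddr, "local_port": lport, "remote": raddr, "remote_port": rport,
                     "state": f[3], "uid": int(f[7]), "inode": int(f[9])})
    return rows

def find_smtp_connections(text, smtp_port=25):
    """Outbound sockets whose remote port is SMTP: the post's remote_port 0019 check."""
    return [r for r in parse_proc_net_tcp(text)
            if r["remote_port"] == smtp_port and r["state"] in (ESTABLISHED, SYN_SENT)]

def socket_inode_to_pids(inode, proc_root="/proc"):
    """PIDs owning an fd whose symlink reads 'socket:[inode]'. A process whose fd
    table cannot be read (another user's, or one exiting mid-scan) is skipped."""
    target, pids = "socket:[%d]" % inode, []
    if not os.path.isdir(proc_root):
        return pids
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue
        if target in links:
            pids.append(int(pid))
    return pids
```

Run as root (or as the socket owner) so the /proc/PID/fd directories are readable; a daemon would call `find_smtp_connections(open("/proc/net/tcp").read())` in a loop and look up each new inode.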


This archive was generated by hypermail 2.1.7 : Thu 10 Jun 2004 - 01:05:06 IDT